Auth RCE via Metadata Update in Cisco Nexus Dashboard Insights
CVE-2026-20174 Published on April 1, 2026
Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system.
This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.
Vulnerability Analysis
CVE-2026-20174 is exploitable with network access and requires user privileges. This vulnerability is considered to have a low attack complexity. A successful exploit is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2026-20174 has been classified as a Directory traversal vulnerability or weakness.
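A containment check for the weakness described above, added here as an example; it is not Cisco's code and not part of the original page. It assumes, hypothetically, that an uploaded update file yields (name, bytes) entries to be written under a staging directory; `resolve_inside`, `write_entries` and the sample names are constructed for illustration.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """Raised when an entry name would resolve outside the staging directory."""

def resolve_inside(base_dir, entry_name):
    """Return the absolute destination for entry_name, or raise UnsafePathError."""
    if not entry_name or "\x00" in entry_name:
        raise UnsafePathError(f"empty or NUL-containing name: {entry_name!r}")
    if os.path.isabs(entry_name):
        raise UnsafePathError(f"absolute path rejected: {entry_name!r}")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks that already exist on disk,
    # so a link sitting inside base_dir cannot redirect the write elsewhere.
    dest = os.path.realpath(os.path.join(base, entry_name))
    if os.path.commonpath([base, dest]) != base or dest == base:
        raise UnsafePathError(f"resolves outside {base}: {entry_name!r}")
    return dest

def write_entries(base_dir, entries):
    """Validate every name first, then write; one bad name rejects the whole file."""
    planned = [(resolve_inside(base_dir, name), data) for name, data in entries]
    for dest, data in planned:
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        with open(dest, "wb") as fh:
            fh.write(data)
    return [dest for dest, _ in planned]

def demo():
    """Check constructed entry names; return {name: accepted}."""
    names = ["rules/sig.json", "rules/../sig.json", "../outside/x", "/tmp/x", "link/x"]
    with tempfile.TemporaryDirectory() as root:
        staging = os.path.join(root, "staging")
        outside = os.path.join(root, "outside")
        os.makedirs(staging)
        os.makedirs(outside)
        os.symlink(outside, os.path.join(staging, "link"))  # pre-existing link
        results = {}
        for name in names:
            try:
                resolve_inside(staging, name)
                results[name] = True
            except UnsafePathError:
                results[name] = False
        return results

if __name__ == "__main__":
    print(demo())
```

The check and the write are separate steps, so the staging directory must not be writable by any other principal between them.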
Products Associated with CVE-2026-20174
Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights.
Affected Versions
Cisco Nexus Dashboard:
- Version 3.1(1k) is affected.
- Version 3.1(1l) is affected.
- Version 3.2(1e) is affected.
- Version 3.2(1i) is affected.
- Version 3.3(1a) is affected.
- Version 3.3(1b) is affected.
- Version 3.3(2b) is affected.
- Version 4.0(1i) is affected.
- Version 3.3(2g) is affected.
- Version 3.2(2f) is affected.
- Version 3.2(2g) is affected.
- Version 3.2(2m) is affected.
- Version 3.1(1n) is affected.
- Version 4.1(1g) is affected.
- Version 2.2.2.125 is affected.
- Version 2.2.2.126 is affected.
- Version 5.0.1.150 is affected.
- Version 5.0.1.154 is affected.
- Version 5.1.0.131 is affected.
- Version 5.1.0.135 is affected.
- Version 6.0.1 is affected.
- Version 6.0.2 is affected.
- Version 6.1.1 is affected.
- Version 6.1.2 is affected.
- Version 6.1.3 is affected.
- Version 6.2.1 is affected.
- Version 6.2.2 is affected.
- Version 6.3.1 is affected.
- Version 6.4.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.